Detects a phishing kit impersonating Webmail.
title: Webmail Phishing 27971b3a
description: |
Detects a phishing kit impersonating Webmail.
references:
- https://urlscan.io/result/27971b3a-f9f4-44ea-9df6-b3af1e386048/
- https://urlscan.io/search/#filename%3A%22evergageSmall.min.js.download%22
detection:
imageAssets:
requests|endswith|all:
- "/images/logo_1.png"
- "/images/logo_2.png"
randomString:
html|contains: 'bis_register="W3sibWFzdGVyIjp0cnVlLCJleHRlbnNpb25JZCI6ImVwcGlvY2VtaG1ubGJoanBsY2drb2ZjaWllZ29tY29uIiwiYWRibG9ja2VyU3RhdHVzIjp7IkRJU1BMQVkiOiJlbmFibGVkIiwiRkFDRUJPT0siOiJlbmFibGVkIiwiVFdJVFRFUiI6ImVuYWJsZWQiLCJSRURESVQiOiJkaXNhYmxlZCJ9LCJ2ZXJzaW9uIjoiMS45LjAzIiwic2NvcmUiOjEwOTAzMH1d"'
condition: imageAssets and randomString